© Copyright 2006 Fortinet Incorporated. All rights reserved.
Products mentioned in this document are trademarks or registered trade-
marks of their respective holders.
Regulatory Compliance
FCC Class A Part 15 CSA/CUS
5 July 2006
Checking the Package Contents
Connecting
Planning the Configuration
Connector Type
Speed
Protocol
Description
Internal
RJ-45
10/100 Base-T Ethernet
Connection to the internal network.
External
RJ-45
10/100 Base-T Ethernet
Connection to the internet.
DMZ
RJ-45
10/100 Base-T Ethernet
Optional connection to a DMZ network, or to other
FortiGate-200 units for high availability. For details,
see the Documentation CD-ROM.
Console
DB-9
9600 Bps
RS-232
Optional connection to the management computer.
Provides access to the command line interface
(CLI).
Place the unit on a stable surface. It requires 1.5 inches (3.75 cm) clearance above and
on each side to allow for cooling.
Plug in power cable to unit before connecting power.
The Status light flashes while the unit is starting up and turns off when the system is up
and running.
•
•
•
Connect the FortiGate unit to a power outlet and to the internal and external networks.
Before beginning to configure the FortiGate unit, you need to plan how to integrate the unit into your network. Your configuration plan depends on the operating mode you select: NAT/Route
mode (the default) or Transparent mode.
NAT/Route mode
In NAT/Route mode, each FortiGate unit is visible to the network that it is connected to. All of
its interfaces are on different subnets. Each interface that is connected to a network must be
configured with an IP
address that is valid for
that network.
You would typically use
NAT/Route mode when
the FortiGate unit is
deployed as a gateway
between private and
public networks. In its
default NAT/Route mode
configuration, the unit
functions as a firewall.
Firewall policies control
communications through
the FortiGate unit. No traffic can pass through the FortiGate unit until you add firewall poli
-
cies. In NAT/Route mode, firewall policies can operate in NAT mode or in Route mode. In
NAT mode, the FortiGate unit performs network address translation before IP packets are
sent to the destination network. In Route mode, no translation takes place.
Transparent mode
In Transparent mode, the FortiGate unit is invisible to the network. All of its interfaces are on
the same subnet. You only have to configure a management IP address so that you can make
configuration changes.
You would typically use the
FortiGate unit in Transparent
mode on a private network
behind an existing firewall or
behind a router. In its default
Transparent mode configuration,
the unit functions as a firewall.
No traffic can pass through the
FortiGate unit until you add
firewall policies.
You can connect up to four network segments to the FortiGate unit to control traffic between
these network segments.
Router
Internet
Gateway to public network
204.23.1.5 10.10.10.2
Internal
network
Internal
External
Transparent mode policies
controlling traffic between
internal and external networks
10.10.10.1
Management IP
Refer to the Documentation CD-ROM for information on how to control traffic, and how to configure HA, antivirus protection, FortiGuard, Web content filtering, Spam filtering,
intrusion prevention (IPS), and virtual private networking (VPN).
FortiGate-200
01-30002-0034-20060705
LED
State
Description
Power
Green
The FortiGate unit is on.
Off
The FortiGate unit is off.
Status
Flashing Green
The FortiGate unit is starting up.
Green
The FortiGate unit is running normally.
Off
The FortiGate unit is powered off.
Internal,
External
DMZ
Green
The correct cable is in use and the connected
equipment has power.
Flashing Green
Network activity at this interface.
Flashing Amber
Network activity at this interface.
Off
No link established.
Internet
DMZ
network
DMZ
10.10.10.1
10.10.10.2
Internal
network
Internal
192.168.1.99
192.168.1.3
Route mode policies
controlling traffic between
Internal networks.
NAT policies controlling
traffic between internal
and external networks.
External
204.23.1.5
DMZ
CONSOLE
INTERNAL
EXTERNAL
INTERNAL
POWER
STATUS
EXTERNAL
DMZ
Straight-through Ethernet cable connects to Internet (public switch, router or modem)
Straight-through Ethernet cable connects to LAN or switch on internal network
Crossover Ethernet cable connects to management computer on internal network
or
Optional null modem cable connects to serial port on management computer
Power cable connects to power outlet
Optional straight-through Ethernet cable connects to DMZ network
DMZ
CONSOLE
INTERNAL
EXTERNAL
INTERNAL
POWER
STATUS
EXTERNAL
DMZ
Front
Back
DMZ
CONSOLE
INTERNAL
EXTERNAL
INTERNAL
POWER
STATUS
EXTERNAL
DMZ
DMZ
Interface
External
Interface
Internal
Interface
Status
LED
Internal, External,
DMZ Interface LEDs
Power
LED
RS-232 Serial
Connection
Removable
Hard Drive
Power
Connection
Power
Switch
Power Cable
Rack-Mount Brackets
Null-Modem Cable
(RS-232)
Documentation
Ethernet Cables:
Orange - Crossover
Grey - Straight-through
USER MANUAL
FortiGate-200
QuickStart Guide
Copyright 2003 Fortinet Incorporated. All rights reserved.
Trademarks
Products mentioned in this document are trademarks.
DMZ
CONSOLE
INTERNAL
EXTERNAL
INTERNAL
POWER
STATUS
EXTERNAL
DMZ
